package com.wudi.estate.config;

import com.wudi.estate.service.impl.security.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(createPassword());
    }
    @Bean
    PasswordEncoder createPassword(){
        return  new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedPage("/admin/unAuth");
        http.formLogin()//自定义自己编写的页面
                .loginPage("/admin/loginUi")//登录的页面设置
                .loginProcessingUrl("/admin/login")//登陆访问的路径（登录后去到那个controller）
                .defaultSuccessUrl("/admin/index")//认证成功后跳转的路径
                .permitAll()//允许操作
                .and().authorizeRequests()
                .antMatchers("/","/admin/loginUi","/admin/logout").permitAll()//那些不需要认证
                .antMatchers("/community/**").hasAnyRole("小区管理员","系统管理员")
                .antMatchers("/buildings/**","/homes/**").hasAnyRole("房产管理员","系统管理员")
                .antMatchers("/personnel/**","/pet/**","/vehicle/**").hasAnyRole("人员管理员","系统管理员")
                .antMatchers("/parking/**","/parkingUsage/**").hasAnyRole("车位管理员","系统管理员")
                .antMatchers("/activity/**","/complain/**","/repair/**","/mailBox/**").hasAnyRole("服务管理员","系统管理员")
                .antMatchers("/asset/**").hasAnyRole("资产管理员","系统管理员")
                .antMatchers("/charges/**","/payItems/**").hasAnyRole("收费管理员","系统管理员")
//                .antMatchers("/charges/**","/payItems/**").hasAnyRole("收费管理员")
                .anyRequest().authenticated()
                .and().csrf().disable();//关闭csrf的防护方式
//                iframe可用
                http.headers().frameOptions().disable();
    }
    @Override
    public void configure(WebSecurity webSecurity)throws Exception{
        webSecurity.ignoring().antMatchers("/images/**","/js/**","/lib/**","/css/**","/error/**");
    }
}
//public class SecurityConfig {
//
//    @Bean
//    public UserDetailsService userDetailsService(){
//        return new UserDetailsServiceImpl();
//    }
//
//    @Bean
//    PasswordEncoder createPassword(){
//        return  new BCryptPasswordEncoder();
//    }
//
//    @Bean
//    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//        http.exceptionHandling().accessDeniedPage("/admin/unAuth");
//        http.formLogin()//自定义自己编写的页面
//                .loginPage("/admin/loginUi")//登录的页面设置
//                .loginProcessingUrl("/admin/login")//登陆访问的路径（登录后去到那个controller）
//                .defaultSuccessUrl("/admin/index")//认证成功后跳转的路径
//                .permitAll()//允许操作
//                .and().authorizeRequests()
//                .antMatchers("/","/admin/loginUi").permitAll()//那些不需要认证
//                .antMatchers("/community/**").hasAnyAuthority("ROLE_小区管理员")
//                .anyRequest().authenticated()
//                .and().csrf().disable();//关闭csrf的防护方式
//        http.headers().frameOptions().sameOrigin();
//        return http.build();
//    }
//    @Bean
//    public WebSecurityCustomizer webSecurityCustomizer() throws  Exception{
//        return  (web -> web.ignoring().antMatchers("/images/**","/js/**"));
//    }
//}